LG-12283 handle missing PII in session

app/controllers/idv/personal_key_controller.rb

@@ -21,11 +21,16 @@ def show
       analytics.idv_personal_key_visited(
         address_verification_method: idv_session.address_verification_mechanism,
         in_person_verification_pending: idv_session.profile&.in_person_verification_pending?,
+        encrypted_profiles_missing: pii_is_missing?,
         **opt_in_analytics_properties,
       )
-      add_proofing_component
 
-      finish_idv_session
+      if pii_is_missing?
+        redirect_to_retrieve_pii
+      else
+        add_proofing_component
+        finish_idv_session
+      end
     end
 
     def update
@@ -117,5 +122,14 @@ def in_person_enrollment?
       return false unless IdentityConfig.store.in_person_proofing_enabled
       current_user.pending_in_person_enrollment.present?
     end
+
+    def pii_is_missing?
+      user_session[:encrypted_profiles].blank?
+    end
+
+    def redirect_to_retrieve_pii
+      user_session[:stored_location] = request.original_fullpath
+      redirect_to fix_broken_personal_key_url
+    end
   end
 end

spec/controllers/idv/personal_key_controller_spec.rb

@@ -45,6 +45,8 @@ def assert_personal_key_generated_for_profiles(*profile_pii_pairs)
 
   let(:threatmetrix_review_status) { nil }
 
+  let(:pii_cacher) { Pii::Cacher.new(user, controller.user_session) }
+
   before do
     stub_analytics
     stub_attempts_tracker
@@ -190,6 +192,18 @@ def assert_personal_key_generated_for_profiles(*profile_pii_pairs)
   end
 
   describe '#show' do
+    context 'when we have no personal key or encrypted profiles in the session' do
+      it 'redirects to get the users password and fetch the PII' do
+        controller.idv_session.personal_key = nil
+        controller.user_session[:encrypted_profiles] = nil
+
+        response = get :show
+
+        expect(controller.user_session[:stored_location]).to eq(idv_personal_key_path)
+        expect(response).to redirect_to(capture_password_path)
+      end
+    end
+
     context 'profile has been created from idv_session' do
       it 'does not redirect' do
         get :show
@@ -215,8 +229,17 @@ def assert_personal_key_generated_for_profiles(*profile_pii_pairs)
       end
 
       context 'but a profile is pending from a different session' do
+        before { pii_cacher.save(password, pending_profile) }
+
         context 'due to fraud review' do
-          let!(:pending_profile) { create(:profile, :fraud_review_pending, user: user) }
+          let!(:pending_profile) do
+            create(
+              :profile,
+              :fraud_review_pending,
+              :with_pii,
+              user: user,
+            )
+          end
 
           it 'does not redirect' do
             get :show
@@ -225,7 +248,14 @@ def assert_personal_key_generated_for_profiles(*profile_pii_pairs)
         end
 
         context 'due to in person proofing' do
-          let!(:pending_profile) { create(:profile, :in_person_verification_pending, user: user) }
+          let!(:pending_profile) do
+            create(
+              :profile,
+              :in_person_verification_pending,
+              :with_pii,
+              user: user,
+            )
+          end
 
           it 'does not redirect' do
             get :show

spec/features/idv/analytics_spec.rb

@@ -129,7 +129,7 @@
         proofing_components: { document_check: 'mock', document_type: 'state_id', source_check: 'aamva', resolution_check: 'lexis_nexis', threatmetrix: threatmetrix, threatmetrix_review_status: 'pass', address_check: 'lexis_nexis_address' }
       },
       'IdV: personal key visited' => {
-        address_verification_method: 'phone', in_person_verification_pending: false,
+        address_verification_method: 'phone', encrypted_profiles_missing: false, in_person_verification_pending: false,
         proofing_components: { document_check: 'mock', document_type: 'state_id', source_check: 'aamva', resolution_check: 'lexis_nexis', threatmetrix: threatmetrix, threatmetrix_review_status: 'pass', address_check: 'lexis_nexis_address' }
       },
       'IdV: personal key acknowledgment toggled' => {
@@ -237,7 +237,7 @@
         proofing_components: { document_check: 'mock', document_type: 'state_id', source_check: 'aamva', resolution_check: 'lexis_nexis', threatmetrix: threatmetrix, threatmetrix_review_status: 'pass', address_check: 'lexis_nexis_address' }
       },
       'IdV: personal key visited' => {
-        address_verification_method: 'phone', in_person_verification_pending: false,
+        address_verification_method: 'phone', encrypted_profiles_missing: false, in_person_verification_pending: false,
         proofing_components: { document_check: 'mock', document_type: 'state_id', source_check: 'aamva', resolution_check: 'lexis_nexis', threatmetrix: threatmetrix, threatmetrix_review_status: 'pass', address_check: 'lexis_nexis_address' }
       },
       'IdV: personal key acknowledgment toggled' => {
@@ -448,7 +448,9 @@
       },
       'IdV: personal key visited' => {
         in_person_verification_pending: true,
-        proofing_components: { document_check: 'usps', source_check: 'aamva', resolution_check: 'lexis_nexis', threatmetrix: threatmetrix, threatmetrix_review_status: 'pass', address_check: 'lexis_nexis_address' }, address_verification_method: 'phone'
+        address_verification_method: 'phone',
+        encrypted_profiles_missing: false,
+        proofing_components: { document_check: 'usps', source_check: 'aamva', resolution_check: 'lexis_nexis', threatmetrix: threatmetrix, threatmetrix_review_status: 'pass', address_check: 'lexis_nexis_address' },
       },
       'IdV: personal key acknowledgment toggled' => {
         checked: true,
@@ -563,7 +565,7 @@
         proofing_components: { document_check: 'mock', document_type: 'state_id', source_check: 'aamva', resolution_check: 'lexis_nexis', threatmetrix: threatmetrix, threatmetrix_review_status: 'pass', address_check: 'lexis_nexis_address' }
       },
       'IdV: personal key visited' => {
-        address_verification_method: 'phone', in_person_verification_pending: false,
+        address_verification_method: 'phone', in_person_verification_pending: false, encrypted_profiles_missing: false,
         proofing_components: { document_check: 'mock', document_type: 'state_id', source_check: 'aamva', resolution_check: 'lexis_nexis', threatmetrix: threatmetrix, threatmetrix_review_status: 'pass', address_check: 'lexis_nexis_address' }
       },
       'IdV: personal key acknowledgment toggled' => {